Initial version of a spec providing ILP payments for HTTP calls #149
Conversation
|
Oh and I skipped RFC number 13 to avoid bad luck. Bad enough that most of this spec was written on Friday 13th (1/13/2017), no need to pile it on. |
Unfortunately, Github doesn't seem to link it correctly otherwise.
justmoon
force-pushed
the
docs/st-http-ilp
branch
from
f61c466
to
049d8fe
Compare
|
@justmoon can I merge? |
|
Would like to update this for the latest PSK/etc. changes before we merge. Stand by! |
|
|
||
| The `fulfillment` is generated as: | ||
|
|
||
| * Fulfillment: `HMAC(SHA256, condition_seed, destination_account || destination_amount)` |
There was a problem hiding this comment.
Would destination_account || destination_amount not always be equal to just destination_account? Are there situations where destination_account is undefined?
There was a problem hiding this comment.
and I assume that here, in this example, condition_seed is
Buffer.from('SkTcFTZCBKgP6A6QOUVcwWCCgYIP4rJPHlIzreavHdU', 'base64')
and not
Buffer.from('SkTcFTZCBKgP6A6QOUVcwWCCgYIP4rJPHlIzreavHdU', 'utf8')
There was a problem hiding this comment.
also, I would put a counter in the destination address, so that you get a different condition each time you pay to the same receiving party
|
|
||
| ### 2.2. Server rejects request, because token is new and unfunded | ||
|
|
||
| The server returns an HTTP error of `402 Payment Required` and includes response headers showing the amount (how much the request would have cost), an ILP address and a condition seed. |
There was a problem hiding this comment.
-> a base64-encoded condition seed. otherwise people will try to use that string directly for the HMAC operation below
|
I used the The rest is a bit different though; it sends the X-Pay header first, without sending a body yet, and then streams the letters as you pay for them one-by-one. |
| ``` http | ||
| POST /upload HTTP/1.1 | ||
| Host: myservice.example | ||
| X-Pay-Token: 7y0SfeN7lCuq0GFF5UsMYZofIjJ7LrvPvsePVWSv450 |
There was a problem hiding this comment.
Shouldn't it just be Pay-Token? See RFC 6648 on deprecating the X prefix
There was a problem hiding this comment.
Yeah, current unhash implementation uses Pay and Pay-Token
There was a problem hiding this comment.
oh, good to know :) I'll update that in my tutorial as well, then.
|
I created an updated version of this PR in #306 |
* docs: http-ilp rough draft * docs(0014): convert sequence diagram to png Unfortunately, Github doesn't seem to link it correctly otherwise. * fix: correct filename 0004 -> 0014 * chore: add doc version header * fix: remove X- prefix from header names * update * chore: apply review comments
|
merged in #306 |
This spec was motivated by me needing a payment solution for Unhash, which is an HTTP-based protocol. I already started the work to add webhooks as per this spec to ilp-kit.
This is based on @emschwartz's previous (unpublished) spec, which in turn is based on work we've done together with the rest of the Codius team.
I'm posting this here for reference, not to start a discussion about what this standard should eventually look like. I liked the approach we took with the Five Bells Ledger API - build some initial thing first, then when it's up and running and we've learned a ton, let's have a more informed conversation about standardizing it and cleaning it up (Common Ledger API). So this is just the initial thing to get us up and running.